Azure Synapse Access Control Client Library for Python

0.7.0 · active · verified Thu Apr 09

The Azure Synapse Access Control Client Library for Python enables programmatic management of role assignments within Azure Synapse Analytics workspaces. Azure Synapse is an integrated analytics service that unifies big data and data warehousing capabilities. This package is part of the broader Azure SDK for Python, with its latest public release `0.7.0` from August 2021, indicating a slower release cadence for this specific client compared to other Azure SDK components, and it is a pre-1.0.0 beta version.

Warnings

breaking As a pre-1.0.0 beta package, `azure-synapse-accesscontrol` (version 0.7.0) may introduce breaking changes in minor versions. Developers should pin to specific minor versions and carefully review release notes when upgrading to avoid unexpected API changes.
Fix: Consult the official change log for `azure-synapse-accesscontrol` before upgrading. Pin exact package versions in your `requirements.txt` to prevent automatic breaking updates.
gotcha Azure Synapse Analytics utilizes a multi-layered access control system (Azure roles, Synapse roles, SQL permissions). Correctly configuring permissions for access control operations can be complex and often requires a 'Synapse Administrator' role or a combination of specific Synapse RBAC roles and Azure RBAC roles on the underlying storage.
Fix: Thoroughly review the Azure Synapse Analytics access control documentation. Ensure the identity used by `DefaultAzureCredential` has the necessary Synapse RBAC roles (e.g., Synapse Administrator, Synapse Contributor) assigned at the workspace or specific scope level, in addition to any required Azure RBAC roles for linked resources.
deprecated The `azure-synapse` meta-package is deprecated. Users should install specific client libraries like `azure-synapse-accesscontrol` directly, rather than relying on the deprecated bundle.
Fix: Ensure you are installing `azure-synapse-accesscontrol` directly using `pip install azure-synapse-accesscontrol` and not depending on the `azure-synapse` umbrella package.
gotcha The `0.7.0` release of `azure-synapse-accesscontrol` officially supported Python versions 2.7, 3.6, 3.7, 3.8, and 3.9 (with Python 3.5 support dropped in `0.6.0`). While it may function with newer Python versions (3.10+), official compatibility is not guaranteed for this specific version, and unexpected issues may arise.
Fix: If encountering issues with Python 3.10 or newer, consider deploying in a Python 3.9 environment. Check the broader Azure SDK for Python documentation for updated compatibility policies for newer client library versions if they become available.

Install

pip install azure-synapse-accesscontrol azure-identity Install with authentication library

Imports

AccessControlClient

from azure.synapse.accesscontrol import AccessControlClient

DefaultAzureCredential

from azure.identity import DefaultAzureCredential

Quickstart

This quickstart demonstrates how to authenticate with `DefaultAzureCredential` and use the `AccessControlClient` to list role definitions and assignments in an Azure Synapse Analytics workspace. Ensure your `SYNAPSE_WORKSPACE_ENDPOINT` environment variable is set to your Synapse workspace's development endpoint (e.g., `https://<your-workspace-name>.dev.azuresynapse.net`) and that the authenticated principal has sufficient permissions, such as 'Synapse Administrator' or specific RBAC roles, to perform these operations.

import os
from azure.identity import DefaultAzureCredential
from azure.synapse.accesscontrol import AccessControlClient

# Set your Synapse Workspace endpoint as an environment variable or replace directly
# Example: 'https://<your-workspace-name>.dev.azuresynapse.net'
synapse_workspace_endpoint = os.environ.get('SYNAPSE_WORKSPACE_ENDPOINT', 'https://your-synapse-workspace.dev.azuresynapse.net')

# Authenticate using DefaultAzureCredential. This will try various methods
# like environment variables, managed identity, and interactive browser login.
credential = DefaultAzureCredential()

# Create an AccessControlClient
client = AccessControlClient(endpoint=synapse_workspace_endpoint, credential=credential)

try:
    print("Listing role definitions...")
    role_definitions = client.list_role_definitions()
    for role in role_definitions:
        print(f"- {role.name} (ID: {role.id})")

    # Example: List role assignments (requires appropriate permissions)
    print("\nListing role assignments...")
    role_assignments = client.list_role_assignments()
    for assignment in role_assignments:
        print(f"- Role Assignment ID: {assignment.id}, Role ID: {assignment.role_definition_id}, Principal ID: {assignment.principal_id}")

except Exception as e:
    print(f"An error occurred: {e}")
    print("Ensure you have the correct permissions (e.g., Synapse Administrator) and the SYNAPSE_WORKSPACE_ENDPOINT is correctly set.")

view raw JSON →